
Desert Falcons: The Middle East’s Preeminent APT

Cancun, Mexico — Researchers from Kaspersky Lab have uncovered the first-ever Arabic-language advanced persistent threat (APT) group. Dubbed Desert Falcons, the group of thirty or so attackers — some of whom are known by name — operates out of Palestine, Egypt and Turkey and is said to have developed and deployed its wares exclusively in the Middle East. It is impossible to determine whether Desert Falcons is state-sponsored.

Their arsenal consists of homemade malware tools, social engineering and other techniques designed to execute and conceal campaigns on traditional and mobile operating systems. In particular, Desert Falcons’ malware is intended to steal sensitive information from its victims, which is then used to fuel further operations and even for extortion attempts against impacted targets.

“More than 1 million files were stolen from victims,” the anti-malware company said. “Stolen files include diplomatic communications from embassies, military plans and documents, financial documents, VIP and Media contact lists and files.”

Desert Falcons’ attacks have claimed some 3000 victims in more than 50 countries. Most of those are located within Palestine, Egypt, Israel and Jordan, but there have also been discoveries in Saudi Arabia, the U.A.E., the U.S., South Korea, Morocco, and Qatar, among other places.

Desert #FalconsAPT revealed by @Kaspersky Lab at #TheSAS2015 is the first exclusively Middle Eastern #APT

The victims include military and government organizations, employees responsible for health organizations and combating money laundering, economic and financial institutions, leading media entities, research and educational institutions, energy and utilities providers, activists and political leaders, physical security companies, and other targets that have access to important geopolitical information.

Tools used in the Desert Falcons attacks include backdoors into traditional computers, through which the attackers install malware capable of logging keystrokes, taking screenshots and even remotely recording audio. There is also a mobile component for Android with the capacity to spy on SMS texts and call logs.

The group began building its tools as early as 2011 and achieved its first infections in 2013, but it wasn’t until the end of 2014 and the beginning of 2015 that Desert Falcons’ activity really began to spike. It seems that the group is more active now than it has been at any point in the past.
